The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,563 vulnerabilities with CWE-20
CVE-2020-36175
MEDIUM
Ninja Forms < 3.4.27.1 - Input Validation Bypass via Email Field
CVSS 5.3
CVE-2020-27844
HIGH
openjpeg < 2.4.0 - Out-of-Bounds Write via Crafted Input
CVSS 7.8
CVE-2020-25275
HIGH
Dovecot < 2.3.13 - Denial of Service via Crafted Email with MIME Parts
CVSS 7.5
CVE-2020-35493
MEDIUM
binutils < 2.34 - Heap Buffer Overflow via Crafted PEF File
CVSS 5.5
CVE-2020-26291
MEDIUM
URI.js <1.19.4 - Hostname Spoofing via Backslash-At URL Parsing
CVSS 6.5
CVE-2020-35789
HIGH
NETGEAR NMS300 Firmware < 1.6.0.27 - Authenticated OS Command Injection
CVSS 8.8
CVE-2020-35616
HIGH
Joomla! 1.7.0-3.9.22 - Write ACL Violation via Improper Input Validation
CVSS 7.5
CVE-2020-14273
HIGH
HCL Domino - Unauthenticated Denial of Service via Public API Input
CVSS 7.5
CVE-2020-9137
MEDIUM
Huawei CloudEngine 12800, 5800, 6800, and 7800 Firmware - Privilege Escalation via Insufficient Input Validation
CVSS 6.7
CVE-2020-27727
MEDIUM
BIG-IP 13.1.0-13.1.3.4, 14.1.0-14.1.3, 15.1.0-15.1.0.5, 16.0.0-16.0.0.1 - Authenticated Arbitrary File Read
CVSS 4.9
CVE-2020-2504
MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
CVSS 5.8
CVE-2020-27338
MEDIUM
Treck IPv6 <6.0.1.68 - Buffer Overflow
CVSS 5.9
CVE-2020-27337
HIGH
Treck IPv6 <6.0.1.68 - Memory Corruption
CVSS 7.3
CVE-2020-27336
LOW
Treck IPv6 <6.0.1.68 - Info Disclosure
CVSS 3.7
CVE-2020-24679
HIGH
ABB Symphony+ Historian and Operations - Denial of Service and Remote Code Execution via Crafted Messages
CVSS 7.5
CVE-2020-14231
HIGH
HCL Client Application Access v9 - Authenticated Stack Buffer Overflow via Input Parameter Handling
CVSS 8.8
CVE-2020-35623
HIGH
MediaWiki <1.35.1 - Privilege Escalation
CVSS 7.5
CVE-2020-3999
MEDIUM
VMware Workstation 15.0.0-15.5.6 and Fusion 11.5.0-11.5.6 - Denial of Service via GuestInfo Input Validation
CVSS 6.5
CVE-2020-27687
HIGH
ThingsBoard < 3.2 - Host Header Injection in Password-Reset Emails
CVSS 8.8
CVE-2020-27154
HIGH
Mitel BusinessCTI Enterprise - Info Disclosure
CVSS 8.8
CVE-2020-25611
MEDIUM
Mitel MiCollab < 9.2 - Cross-Site Scripting in AWV Portal
CVSS 6.1
CVE-2020-25608
HIGH
Mitel MiCollab < 9.2 - SQL Injection via SAS Portal
CVSS 7.2
CVE-2020-25606
MEDIUM
Mitel MiCollab < 9.2 - Cross-Site Scripting in AWV Component
CVSS 6.1
CVE-2020-7838
HIGH
Smilegate STOVE Client <0.0.4.72 - RCE
CVSS 8.8
CVE-2020-12521
MEDIUM
Phoenix Contact PLCnext Control Devices <2021.0 LTS - DoS
CVSS 6.5
Details
Vulnerabilities: 12,563
Exploit Likelihood: High